security-detections-mcp

Official

Query detections across SIEMs with ATT&CK coverage

Author: Aradotso
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Teams struggle to quickly find relevant security detections across multiple rule formats, and to understand how well their coverage maps to MITRE ATT&CK and where detection gaps exist.

Core Features & Use Cases

  • Unified cross-platform detection querying: Search and retrieve rules across Sigma, Splunk (ESCU), Elastic, KQL, Sublime, and CrowdStrike CQL formats from one MCP interface.
  • MITRE ATT&CK mapping and coverage analysis: Identify which tactics, techniques, actors, and procedures are covered (and which are missing) for use cases like ransomware readiness and actor emulation.
  • ATT&CK Navigator layer output: Generate layer JSON to visualize coverage for stakeholders and to guide engineering sprints.
  • Autonomous detection engineering workflows: Support a pipeline approach that ingests CTI, runs gap analysis, and helps draft detection improvements.

Quick Start

Ask for detection coverage by saying: "Show me Splunk detections for credential dumping and summarize the MITRE ATT&CK coverage gaps for that technique."

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: let Claude install automatically. Copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: security-detections-mcp
Download link: https://github.com/Aradotso/security-skills/archive/main.zip#security-detections-mcp

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
